Description
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.
Published: 2026-07-02
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
CWE-639

Wed, 08 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Tue, 07 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Tue, 07 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Mon, 06 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Mon, 06 Jul 2026 05:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Sun, 05 Jul 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Sun, 05 Jul 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Sat, 04 Jul 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Sat, 04 Jul 2026 05:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Fri, 03 Jul 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Fri, 03 Jul 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Thu, 02 Jul 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Thu, 02 Jul 2026 06:15:00 +0000

Type Values Removed Values Added
Description The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.
Title Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-07-02T12:54:19.224Z

Reserved: 2026-06-08T11:40:12.713Z

Link: CVE-2026-11578

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T17:45:03Z

Weaknesses